A few security lessons from the Target breach

Susan Bradley

The Target breach points out some facts of life on the Web: We’re all targets (pun intended) of cyber thieves.

Fortunately, there are steps we can take to protect ourselves. Here’s how to protect yourself from the next big breach.

I am a target. I shop online, I shop in large department stores, and I regularly use credit and debit cards. Shopping at large stores that process thousands of sales daily makes me even more of a target, because my transaction information (name, account number, etc.) gets combined with that of all other shoppers. And I became a potential victim when I shopped at Target this past Christmas shopping season.

These days, every time I swipe my credit card on a point-of-sale system, I think to myself: “Is this vendor doing all they can to keep me safe?” Retail companies believe they are; claiming that by following the Payment Card Industry (PCI) standards, they’re doing all they can to keep customer credit-card information safe. But I’m not convinced — especially in the U.S. European credit cards are considered more difficult to hack because they use an onboard security chip rather than the magnetic stripe common on U.S. cards.

Malware designed to attack point-of-sale systems

Many ATMs and point-of-sale (POS) systems use a version of Windows called Windows Embedded (more info). Built on Windows XP, Windows 7, or Windows 8, this specialized software is designed to have a small footprint and allow limited rights. Unlike other Windows versions, Windows Embedded has write filters that let only administrators write to the system’s RAM or C: drive.

I use Win7-based Windows Embedded on specific workstations in my office. It lets only authorized users sign in to a server. These workstations’ only function is to support the I/O functions of a keyboard, a mouse, two monitors, and a printer. The server — a much more powerful computing device than a typical desktop PC — handles all the real processing.

Windows 7 Embedded was released in July 2010. But Windows XP Professional for Embedded Systems dates back to Dec. 31, 2001 — and will be supported by Microsoft until the end of 2016, as noted on a Microsoft Product Lifecycles page. (In contrast, support for desktop versions of Windows XP ends in less than three months.)



This article is part of our premium content. Join Now.

Already a paid subscriber? Click here to login.



= Paid content

All Windows Secrets articles posted on 2014-01-23:

Susan Bradley

About Susan Bradley

Susan Bradley is a Small Business Server and Security MVP, a title awarded by Microsoft to independent experts who do not work for the company. She's also a partner in a California CPA firm.